on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

Robert J. Hansen rjh at sixdemonbag.org
Wed Feb 16 05:44:00 CET 2011

On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
> Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
> harder to spoof, but easily within reach of a well-funded organization.

IIRC, Jon Callas says an accidental long-ID collision has occurred.  I
don't recall the details.  Still, the point is that collisions don't
just happen by deliberate attack.

More information about the Gnupg-users mailing list